Security News > 2022 > December > Week in review: Citrix and Fortinet RCEs, Microsoft fixes exploited zero-day
State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP!An unauthenticated remote code execution flaw is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller deployments, the US National Security Agency has warned.
Microsoft fixes exploited zero-day, revokes certificate used to sign malicious driversIt's December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw exploited by attackers to deliver a variety of malware.
Security measures to protect Kubernetes workloadsIn this Help Net Security video, Deepak Goel, CTO of D2iQ, provides insight into which security measures can help organizations that use Kubernetes better protect their workloads - and the implications of what can happen if they don't.
Security is no longer an internal affair67% of respondents to a recent survey indicated their company had lost a business deal due to the customer's lack of confidence in their security strategy.
How companies can avoid costly data breachesIn this Help Net Security video, Balaji Ganesan, CEO at Privacera, talks about how organizations are moving to a zero-trust framework and beyond, meaning they have security frameworks that span from perimeter apps to their data at a granular level.
Lack of key domain security measures leaves organizations at riskIn this Help Net Security video, Ihab Shraim, CTO at CSC, talks about how 75% of the Forbes Global 2000 are exposing themselves to significant enterprise risks as third parties maliciously register their brands, and they fail to implement key domain security measures.
News URL
Related news
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)